Malicious code (malicious software, or malware) denotes all kinds of computer-executable code such as programs, macros, and scripts that are maliciously made to damage computer systems.
FIG. 1 shows the life cycle of a malicious code. Referring to FIG. 1, the life cycle of the malicious code includes a generation/opening period 10 in which the malicious code is generated and provided to the public, a distribution/spreading period 11 in which files infected with the malicious code are distributed and spread over a communication network, a recognition (active) period 12 in which the malicious code is active and a user recognizes the malicious code, a degeneration period 13 in which a vaccine program is updated and the malicious code is removed from a user's system, and an extinction period 14 in which the malicious code disappears.
FIG. 2A shows the life cycle of a malicious code variant. In FIG. 2A, the horizontal axis denotes time, and the vertical axis denotes the number of infected systems. Referring to FIG. 2A, after new malicious code 20 appears and disappears, a variant 21 of the malicious code appears continuously, thereby increasing the life cycle of the malicious code.
FIG. 2B shows time points when action is taken against malicious code. Reference numeral 22 denotes a time point when a user thinks that a vaccine program should be updated in order to cope with the malicious code, and reference numeral 23 denotes a time point when the vaccine program is actually updated. Referring to FIG. 2B, there is a time difference between time points 22 and 23. The time difference is caused by time-consuming processes of analyzing the malicious code after the malicious code is already spread, drawing up a proper scheme and updating the vaccine program according to the scheme.
Further an appearance of malicious code variants causes an increase in time and effort to analyze the malicious code.